Authentication of a user and his credentials is the first line of defense. User authentication involves confirming the identity of a user and validating that a user is trusted and can use an electronic resource based on his credentials.
IDs can be lost or stolen during transactions (whether during login, payment, or other transactions), and IDs must be presented explicitly in many places. For example, in the process of electronic payment, one's credit card details must be presented to a counterparty. Although an ID in a transaction may be encrypted, there are still many ways in which an ID can be lost or stolen.
A static or fixed password is a common form of authentication in use today. In the static password authentication method, the user enters a static user ID and password on a client site and submits them. The request is then sent to the authentication server to validate the user's credentials. If the credentials are valid, the user is transferred to the next page.
Point of Sales (POS) technology has been around for many years, starting with the cash register in the late 1800s and early 1900s. With the advent of better computing capabilities, the Internet and connected systems in the 1970s and 1980s, POS was modernized to leverage advancing technology. Today, the modern, connected POS can be found everywhere and is now an integral part of the modern world.
A typical transaction with POS starts with the consumer swiping his credit card at a POS terminal at the merchant retailer's location. The merchant's system sends the swiped card data to the merchant's bank, which then sends the card data to the payment brand. The payment brand sends this data to the cardholder's bank, which checks the card details to verify the validity of the card. If everything matches, the cardholder's bank sends an authorization code to the payment brand, which then forwards the code to the merchant's bank. The authorization code allows the merchant to complete the sale.
In recent times, many retail organizations have been victims of security breaches that target consumer payment card data. There are several examples within retail as well as within hospitality and healthcare locations. Many of these attacks have been orchestrated against the Point of Sales systems, the most recent being the PoSeidon malware attacks. Given the recent spate of news on POS vulnerabilities and attacks, many companies are looking for better solutions and improved defenses.
An object of the present invention is to provide an authentication system, authentication method, and key distribution method which permit improvement in the security of payment data and distribution process while making it easier to use than existing methods. The invention utilizes bi-directional, asynchronous, out-of-band authentication.